From patchwork Tue Sep 24 16:39:54 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166737
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46d6R72psrz9sPL
for ;
Wed, 25 Sep 2019 02:40:53 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 86E8FDB2;
Tue, 24 Sep 2019 16:40:14 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id ACA57DA5
for ; Tue, 24 Sep 2019 16:40:13 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E7B6A8A6
for ; Tue, 24 Sep 2019 16:40:12 +0000 (UTC)
Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com
[209.85.221.69])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 14F7E7FDE9
for ; Tue, 24 Sep 2019 16:40:12 +0000 (UTC)
Received: by mail-wr1-f69.google.com with SMTP id a4so823810wrg.8
for ; Tue, 24 Sep 2019 09:40:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=IiEQlclqqetUoTXqOvqHZTzDFHInBY6l4lyFGDzaL4Y=;
b=RVDvYacMYsJ0t8YXDnxcwepCOyERKH3k17ifVUz3aYPGp2HxW1kNpeowEOmwg0wL8i
5Wr20BbZBsL783RBk9Df/GbJzS8yKRYv8PgyULCeMsMDpHuE4slFI4VAppxFPWjqZbnU
sXnmgZumORsX46oHR7YUtmNPyb2lGXV9tkmjBGl4YdPoCrANgf0F5uEdU0htglrGckOV
X5/Xz0uCZU8OgDAVP62jI5UDJvgSVGd1S8r6nm/uatwJtqe1Y38bayNU9AcqNBq5qCi9
EZdeL2N9Uy9FZvki6qhLwwpA1KRRsycKii4kbqn8/xAgfz1lGwZjQ+D2KLZgUXue/8VM
GiYw==
X-Gm-Message-State: APjAAAXNgmT8PiBI9bi+5SLYlUJzXKl0TqIUSctmlEysGNzxR/XhIdgv
BPyrfdv99SJVl8ftJ7ApkHACLYGcPXvIFzo9XjaE3iV6UKsMGaPyERI3d0aSs3lxPvyeZUIi8+H
CHtUN85yfsuWcrbxQwA==
X-Received: by 2002:adf:df91:: with SMTP id
z17mr3249422wrl.116.1569343210356;
Tue, 24 Sep 2019 09:40:10 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqyW39JIO172Jd/3KtIvPXsERk262fFKNFnbTI3kipFrdQJpVRWaD+zVrDCvkuD8Low9Aqx0aA==
X-Received: by 2002:adf:df91:: with SMTP id
z17mr3249391wrl.116.1569343210027;
Tue, 24 Sep 2019 09:40:10 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
207sm789321wme.17.2019.09.24.09.40.09
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 24 Sep 2019 09:40:09 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Tue, 24 Sep 2019 18:39:54 +0200
Message-Id:
<1a3538a3253adf26f65b18a81b13451036c3986e.1569342607.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v2 ovn 1/3] Add egress QoS mapping for non-tunnel
interfaces
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Introduce add_localnet_egress_interface_mappings routine in order to collect as
egress interfaces all ovs bridge interfaces marked with ovn-egress-iface
in the external_ids column of ovs interface table.
ovn-egress-iface is used to indicate to which localnet ports QoS egress
shaping has to be applied.
Refactor add_bridge_mappings routine
Signed-off-by: Lorenzo Bianconi
Acked-by: Dumitru Ceara
---
controller/binding.c | 51 ++++++++++++++++++++++++-
controller/binding.h | 4 ++
controller/ovn-controller.c | 3 +-
controller/patch.c | 76 +++++++++++++++++++++----------------
controller/patch.h | 4 ++
5 files changed, 103 insertions(+), 35 deletions(-)
diff --git a/controller/binding.c b/controller/binding.c
index 242163d59..aad9d39e6 100644
--- a/controller/binding.c
+++ b/controller/binding.c
@@ -18,6 +18,7 @@
#include "ha-chassis.h"
#include "lflow.h"
#include "lport.h"
+#include "patch.h"
#include "lib/bitmap.h"
#include "openvswitch/poll-loop.h"
@@ -532,6 +533,9 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn,
/* Add all localnet ports to local_lports so that we allocate ct zones
* for them. */
sset_add(local_lports, binding_rec->logical_port);
+ if (qos_map && ovs_idl_txn) {
+ get_qos_params(binding_rec, qos_map);
+ }
} else if (!strcmp(binding_rec->type, "external")) {
if (ha_chassis_group_contains(binding_rec->ha_chassis_group,
chassis_rec)) {
@@ -619,10 +623,48 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
}
+static void
+add_localnet_egress_interface_mappings(
+ const struct sbrec_port_binding *port_binding,
+ struct shash *bridge_mappings, struct sset *egress_ifaces)
+{
+ const char *network = smap_get(&port_binding->options, "network_name");
+ if (!network) {
+ return;
+ }
+
+ struct ovsrec_bridge *br_ln = shash_find_data(bridge_mappings, network);
+ if (!br_ln) {
+ return;
+ }
+
+ /* Add egress-ifaces from the connected bridge */
+ for (size_t i = 0; i < br_ln->n_ports; i++) {
+ const struct ovsrec_port *port_rec = br_ln->ports[i];
+
+ for (size_t j = 0; j < port_rec->n_interfaces; j++) {
+ const struct ovsrec_interface *iface_rec;
+
+ iface_rec = port_rec->interfaces[j];
+ bool is_egress_iface = smap_get_bool(&iface_rec->external_ids,
+ "ovn-egress-iface", false);
+ if (!is_egress_iface) {
+ continue;
+ }
+ sset_add(egress_ifaces, iface_rec->name);
+ }
+ }
+}
+
static void
consider_localnet_port(const struct sbrec_port_binding *binding_rec,
+ struct shash *bridge_mappings,
+ struct sset *egress_ifaces,
struct hmap *local_datapaths)
{
+ add_localnet_egress_interface_mappings(binding_rec,
+ bridge_mappings, egress_ifaces);
+
struct local_datapath *ld
= get_local_datapath(local_datapaths,
binding_rec->datapath->tunnel_key);
@@ -655,6 +697,8 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *chassis_rec,
const struct sset *active_tunnels,
+ const struct ovsrec_bridge_table *bridge_table,
+ const struct ovsrec_open_vswitch_table *ovs_table,
struct hmap *local_datapaths, struct sset *local_lports,
struct sset *local_lport_ids)
{
@@ -663,6 +707,7 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
const struct sbrec_port_binding *binding_rec;
+ struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings);
struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface);
struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces);
struct hmap qos_map;
@@ -688,14 +733,18 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
+ add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings);
+
/* Run through each binding record to see if it is a localnet port
* on local datapaths discovered from above loop, and update the
* corresponding local datapath accordingly. */
SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
if (!strcmp(binding_rec->type, "localnet")) {
- consider_localnet_port(binding_rec, local_datapaths);
+ consider_localnet_port(binding_rec, &bridge_mappings,
+ &egress_ifaces, local_datapaths);
}
}
+ shash_destroy(&bridge_mappings);
if (!sset_is_empty(&egress_ifaces)
&& set_noop_qos(ovs_idl_txn, port_table, qos_table, &egress_ifaces)) {
diff --git a/controller/binding.h b/controller/binding.h
index bae162ede..924891c1b 100644
--- a/controller/binding.h
+++ b/controller/binding.h
@@ -26,6 +26,8 @@ struct ovsdb_idl_txn;
struct ovsrec_bridge;
struct ovsrec_port_table;
struct ovsrec_qos_table;
+struct ovsrec_bridge_table;
+struct ovsrec_open_vswitch_table;
struct sbrec_chassis;
struct sbrec_port_binding_table;
struct sset;
@@ -42,6 +44,8 @@ void binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *,
const struct sset *active_tunnels,
+ const struct ovsrec_bridge_table *bridge_table,
+ const struct ovsrec_open_vswitch_table *ovs_table,
struct hmap *local_datapaths,
struct sset *local_lports, struct sset *local_lport_ids);
bool binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 33ece59be..b46a1d151 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -1082,7 +1082,8 @@ en_runtime_data_run(struct engine_node *node)
sbrec_port_binding_by_name,
port_table, qos_table, pb_table,
br_int, chassis,
- active_tunnels, local_datapaths,
+ active_tunnels, bridge_table,
+ ovs_table, local_datapaths,
local_lports, local_lport_ids);
update_ct_zones(local_lports, local_datapaths, ct_zones,
diff --git a/controller/patch.c b/controller/patch.c
index a6770c6d5..f2053de7b 100644
--- a/controller/patch.c
+++ b/controller/patch.c
@@ -129,6 +129,48 @@ remove_port(const struct ovsrec_bridge_table *bridge_table,
}
}
+void
+add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table,
+ const struct ovsrec_bridge_table *bridge_table,
+ struct shash *bridge_mappings)
+{
+ const struct ovsrec_open_vswitch *cfg;
+
+ cfg = ovsrec_open_vswitch_table_first(ovs_table);
+ if (cfg) {
+ const char *mappings_cfg;
+ char *cur, *next, *start;
+
+ mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
+ if (!mappings_cfg || !mappings_cfg[0]) {
+ return;
+ }
+
+ next = start = xstrdup(mappings_cfg);
+ while ((cur = strsep(&next, ",")) && *cur) {
+ const struct ovsrec_bridge *ovs_bridge;
+ char *network, *bridge = cur;
+
+ network = strsep(&bridge, ":");
+ if (!bridge || !*network || !*bridge) {
+ VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
+ mappings_cfg);
+ break;
+ }
+
+ ovs_bridge = get_bridge(bridge_table, bridge);
+ if (!ovs_bridge) {
+ VLOG_WARN("Bridge '%s' not found for network '%s'",
+ bridge, network);
+ continue;
+ }
+
+ shash_add(bridge_mappings, network, ovs_bridge);
+ }
+ free(start);
+ }
+}
+
/* Obtains external-ids:ovn-bridge-mappings from OVSDB and adds patch ports for
* the local bridge mappings. Removes any patch ports for bridge mappings that
* already existed from 'existing_ports'. */
@@ -142,41 +184,9 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn,
const struct sbrec_chassis *chassis)
{
/* Get ovn-bridge-mappings. */
- const char *mappings_cfg = "";
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (cfg) {
- mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
- if (!mappings_cfg || !mappings_cfg[0]) {
- return;
- }
- }
-
- /* Parse bridge mappings. */
struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings);
- char *cur, *next, *start;
- next = start = xstrdup(mappings_cfg);
- while ((cur = strsep(&next, ",")) && *cur) {
- char *network, *bridge = cur;
- const struct ovsrec_bridge *ovs_bridge;
-
- network = strsep(&bridge, ":");
- if (!bridge || !*network || !*bridge) {
- VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
- mappings_cfg);
- break;
- }
- ovs_bridge = get_bridge(bridge_table, bridge);
- if (!ovs_bridge) {
- VLOG_WARN("Bridge '%s' not found for network '%s'",
- bridge, network);
- continue;
- }
-
- shash_add(&bridge_mappings, network, ovs_bridge);
- }
- free(start);
+ add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings);
const struct sbrec_port_binding *binding;
SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) {
diff --git a/controller/patch.h b/controller/patch.h
index 9018e4967..49b0b2e90 100644
--- a/controller/patch.h
+++ b/controller/patch.h
@@ -30,7 +30,11 @@ struct ovsrec_open_vswitch_table;
struct ovsrec_port_table;
struct sbrec_port_binding_table;
struct sbrec_chassis;
+struct shash;
+void add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table,
+ const struct ovsrec_bridge_table *bridge_table,
+ struct shash *bridge_mappings);
void patch_run(struct ovsdb_idl_txn *ovs_idl_txn,
const struct ovsrec_bridge_table *,
const struct ovsrec_open_vswitch_table *,
From patchwork Tue Sep 24 16:39:55 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166739
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46d6R73BdBz9sPc
for ;
Wed, 25 Sep 2019 02:41:45 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 78CB5DC6;
Tue, 24 Sep 2019 16:40:18 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 97F84DBE
for ; Tue, 24 Sep 2019 16:40:17 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 25966844
for ; Tue, 24 Sep 2019 16:40:17 +0000 (UTC)
Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com
[209.85.221.70])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 715582BF73
for ; Tue, 24 Sep 2019 16:40:16 +0000 (UTC)
Received: by mail-wr1-f70.google.com with SMTP id w10so828882wrl.5
for ; Tue, 24 Sep 2019 09:40:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=Wzkq72uKvp2MDgVI9/nHsDlI3mkWsHB4tMbZ492iEZ8=;
b=WBCbmwNXaVXY3haSvXbIgKJF9NGlVERGND8B80UAVApI5kk4O2rhH0AF8grVIk4+tD
mSh/5Iq2YzR01Lh2WRcBk7+TlbhODHGpMjtv0u2wHYpdubhOXy2+aRQTg+L8VkwXP+i3
oET6gBtNcGQlH8Dk6NW09oq+OWd/o9ZAX6f4RZuuExqR9xhCGN9nOswE3STukcQtm+Qr
Malcaw+rD9Uc9dh/RTCjT9YfE/+7Z40f3AZ3ebxAH1r7+3NlwEN4lEXgnYpm7aR49Cmg
iSwcx7+dgtnK/pz367LflqWRZ1sDqY3G/zxBBWN3brYncRJ6gp36Uv64XecLwBxFchvU
soNQ==
X-Gm-Message-State: APjAAAXIFfFu6Xux/Ln2wEPQy9uvknPPWd+B5e9tTa3GPOdrASiuz8AT
s4CxqQM1Z9R6AXpIAjXIkvbBcc6YMMDFbdDyq+eg9nxaQDezfoFdAbday2qqxezfH8QiCkGX9ub
Oiq93X2Q2RME8OTLqFw==
X-Received: by 2002:adf:ea92:: with SMTP id
s18mr3124339wrm.137.1569343214842;
Tue, 24 Sep 2019 09:40:14 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqwUkGnJrpVd/cQ9ZMJKJH0P2oqlHBjqxAUY/hNra6whcSlr+3ISaXyfSorJf4ND46zi+EZAfQ==
X-Received: by 2002:adf:ea92:: with SMTP id
s18mr3124320wrm.137.1569343214578;
Tue, 24 Sep 2019 09:40:14 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
207sm789321wme.17.2019.09.24.09.40.13
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 24 Sep 2019 09:40:13 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Tue, 24 Sep 2019 18:39:55 +0200
Message-Id:
<7889765a38b32e46a1cec24345f2c64c944f4f4b.1569342607.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v2 ovn 2/3] northd: add the possibility to define
localnet as qos capable port
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Refactor allocate_chassis_queueid and free_chassis_queueid in order
to get an unused queue_id even for localnet ports and add the
the possibility to define localnet as qos capable port
Acked-by: Dumitru Ceara
Signed-off-by: Lorenzo Bianconi
---
northd/ovn-northd.c | 45 ++++++++++++++++++++++++++++++---------------
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index f393cebb8..633fb502b 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -357,7 +357,7 @@ destroy_chassis_queues(struct hmap *set)
}
static void
-add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid,
+add_chassis_queue(struct hmap *set, const struct uuid *chassis_uuid,
uint32_t queue_id)
{
struct ovn_chassis_qdisc_queues *node = xmalloc(sizeof *node);
@@ -368,7 +368,7 @@ add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid,
}
static bool
-chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid,
+chassis_queueid_in_use(const struct hmap *set, const struct uuid *chassis_uuid,
uint32_t queue_id)
{
const struct ovn_chassis_qdisc_queues *node;
@@ -383,31 +383,38 @@ chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid,
}
static uint32_t
-allocate_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis)
+allocate_chassis_queueid(struct hmap *set, const struct uuid *uuid, char *name)
{
+ if (!uuid) {
+ return 0;
+ }
+
for (uint32_t queue_id = QDISC_MIN_QUEUE_ID + 1;
queue_id <= QDISC_MAX_QUEUE_ID;
queue_id++) {
- if (!chassis_queueid_in_use(set, &chassis->header_.uuid, queue_id)) {
- add_chassis_queue(set, &chassis->header_.uuid, queue_id);
+ if (!chassis_queueid_in_use(set, uuid, queue_id)) {
+ add_chassis_queue(set, uuid, queue_id);
return queue_id;
}
}
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "all %s queue ids exhausted", chassis->name);
+ VLOG_WARN_RL(&rl, "all %s queue ids exhausted", name);
return 0;
}
static void
-free_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis,
+free_chassis_queueid(struct hmap *set, const struct uuid *uuid,
uint32_t queue_id)
{
- const struct uuid *chassis_uuid = &chassis->header_.uuid;
+ if (!uuid) {
+ return;
+ }
+
struct ovn_chassis_qdisc_queues *node;
HMAP_FOR_EACH_WITH_HASH (node, key_node,
- hash_chassis_queue(chassis_uuid, queue_id), set) {
- if (uuid_equals(chassis_uuid, &node->chassis_uuid)
+ hash_chassis_queue(uuid, queue_id), set) {
+ if (uuid_equals(uuid, &node->chassis_uuid)
&& node->queue_id == queue_id) {
hmap_remove(set, &node->key_node);
free(node);
@@ -2650,15 +2657,23 @@ ovn_port_update_sbrec(struct northd_context *ctx,
uint32_t queue_id = smap_get_int(
&op->sb->options, "qdisc_queue_id", 0);
bool has_qos = port_has_qos_params(&op->nbsp->options);
+ const struct uuid *uuid = NULL;
struct smap options;
+ char *name = "";
+
+ if (!strcmp(op->nbsp->type, "localnet")) {
+ uuid = &op->sb->header_.uuid;
+ name = "localnet";
+ } else if (op->sb->chassis) {
+ uuid = &op->sb->chassis->header_.uuid;
+ name = op->sb->chassis->name;
+ }
- if (op->sb->chassis && has_qos && !queue_id) {
+ if (has_qos && !queue_id) {
queue_id = allocate_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis);
+ uuid, name);
} else if (!has_qos && queue_id) {
- free_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis,
- queue_id);
+ free_chassis_queueid(chassis_qdisc_queues, uuid, queue_id);
queue_id = 0;
}
From patchwork Tue Sep 24 16:39:56 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166741
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46d6RX4F2hz9sPL
for ;
Wed, 25 Sep 2019 02:42:16 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 347ACDCE;
Tue, 24 Sep 2019 16:40:22 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id E5599DC3
for ; Tue, 24 Sep 2019 16:40:21 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2427DB0
for ; Tue, 24 Sep 2019 16:40:21 +0000 (UTC)
Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com
[209.85.128.69])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 57204859FB
for ; Tue, 24 Sep 2019 16:40:20 +0000 (UTC)
Received: by mail-wm1-f69.google.com with SMTP id k184so328254wmk.1
for ; Tue, 24 Sep 2019 09:40:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=HI5e6NgwHYofTARALUkz3D/4vl27YCRmFC/fj8fq8iI=;
b=Nx+PJFgmJwp1FfcZZF7xTpUb9dWesJMg4hgVPPIGLZEWfq0kZTXOiyWKnx6h1pctZu
PXoERyHMpE3etLYXVuLSb5FvNms+BVf4Sb71UtOLzqmkgTOIqxviLIH5QkXSqQncNs4M
TkfwcOqIAbV109V5rHoli2fzvrDLqNULbEGcM3eJajSD/VUd4LwJKUwR7Ir/ySs0Vhiz
5lSCdTe9DRcCpdG6pB/jqZMa2nDsBmXSTNfh/QZXcMGfJTJESLD0DHy8pN1zaNbEYgIa
GxzSk+XjANdAxEiCmCydetwfoCms+ahmQ+KQuTPjc4LUQsoeFfeAn1NIhTVeAl/7/E3f
e60g==
X-Gm-Message-State: APjAAAVyNlGX61J5UbsrRODoA+7/wIbB1mjOxs2Mt02fH9PrACDQXiGV
h+q0VHwWlX1h6AI8Gn2ZLGL17U4aWXidqlh44ylOW/Rb3LwcHs/xzpHmX/8M0ftnaLzUp12EdgU
hREX3f7hWMb+OoRA5og==
X-Received: by 2002:a1c:3281:: with SMTP id
y123mr1057718wmy.34.1569343218770;
Tue, 24 Sep 2019 09:40:18 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqyxjr5UvMAtpkAwXy/lDshvxj+e0CvEz+nl9Vs/phj81neD1sqTnXX9MsXFb6iI7R/luSp3Ow==
X-Received: by 2002:a1c:3281:: with SMTP id
y123mr1057696wmy.34.1569343218401;
Tue, 24 Sep 2019 09:40:18 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
207sm789321wme.17.2019.09.24.09.40.17
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 24 Sep 2019 09:40:17 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Tue, 24 Sep 2019 18:39:56 +0200
Message-Id:
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v2 ovn 3/3] northd: introduce logical flow for
localnet egress shaping
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Add set_queue() action for qos capable localnet port in
S_SWITCH_OUT_PORT_SEC_L2 stage of logical swith pipeline
Introduce build_lswitch_{input,outpur}_port_sec and refactor
lswitch_port_security code in order to remove duplicated code
Signed-off-by: Lorenzo Bianconi
Acked-by: Dumitru Ceara
---
northd/ovn-northd.8.xml | 7 +-
northd/ovn-northd.c | 231 ++++++++++++++++++++++++----------------
2 files changed, 143 insertions(+), 95 deletions(-)
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 0f4f1c112..093b55438 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -1150,10 +1150,15 @@ output;
eth.dst
are always accepted instead of being subject to the
port security rules; this is implemented through a priority-100 flow that
matches on eth.mcast
with action output;
.
- Finally, to ensure that even broadcast and multicast packets are not
+ Moreover, to ensure that even broadcast and multicast packets are not
delivered to disabled logical ports, a priority-150 flow for each
disabled logical outport
overrides the priority-100 flow
with a drop;
action.
+ Finally if egress qos has been enabled on a localnet port, the outgoing
+ queue id is set through set_queue
action. Please remember to
+ mark the corresponding physical interface with
+ ovn-egress-iface
set to true in
Logical Router Datapaths
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 633fb502b..b1ece2d29 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -3903,6 +3903,140 @@ has_stateful_acl(struct ovn_datapath *od)
return false;
}
+static void
+build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths,
+ struct hmap *lflows)
+{
+ /* Logical switch ingress table 0: Ingress port security - L2
+ * (priority 50).
+ * Ingress table 1: Ingress port security - IP (priority 90 and 80)
+ * Ingress table 2: Ingress port security - ND (priority 90 and 80)
+ */
+ struct ds actions = DS_EMPTY_INITIALIZER;
+ struct ds match = DS_EMPTY_INITIALIZER;
+ struct ovn_port *op;
+
+ HMAP_FOR_EACH (op, key_node, ports) {
+ if (!op->nbsp) {
+ continue;
+ }
+
+ if (!lsp_is_enabled(op->nbsp)) {
+ /* Drop packets from disabled logical ports (since logical flow
+ * tables are default-drop). */
+ continue;
+ }
+
+ if (lsp_is_external(op->nbsp)) {
+ continue;
+ }
+
+ ds_clear(&match);
+ ds_clear(&actions);
+ ds_put_format(&match, "inport == %s", op->json_key);
+ build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
+ &match);
+
+ const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id");
+ if (queue_id) {
+ ds_put_format(&actions, "set_queue(%s); ", queue_id);
+ }
+ ds_put_cstr(&actions, "next;");
+ ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
+ ds_cstr(&match), ds_cstr(&actions));
+
+ if (op->nbsp->n_port_security) {
+ build_port_security_ip(P_IN, op, lflows);
+ build_port_security_nd(op, lflows);
+ }
+ }
+
+ /* Ingress table 1 and 2: Port security - IP and ND, by default
+ * goto next. (priority 0)
+ */
+ struct ovn_datapath *od;
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ if (!od->nbs) {
+ continue;
+ }
+
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
+ }
+
+ ds_destroy(&match);
+ ds_destroy(&actions);
+}
+
+static void
+build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths,
+ struct hmap *lflows)
+{
+ struct ds actions = DS_EMPTY_INITIALIZER;
+ struct ds match = DS_EMPTY_INITIALIZER;
+ struct ovn_port *op;
+
+ /* Egress table 8: Egress port security - IP (priorities 90 and 80)
+ * if port security enabled.
+ *
+ * Egress table 9: Egress port security - L2 (priorities 50 and 150).
+ *
+ * Priority 50 rules implement port security for enabled logical port.
+ *
+ * Priority 150 rules drop packets to disabled logical ports, so that
+ * they don't even receive multicast or broadcast packets.
+ */
+ HMAP_FOR_EACH (op, key_node, ports) {
+ if (!op->nbsp || lsp_is_external(op->nbsp)) {
+ continue;
+ }
+
+ ds_clear(&actions);
+ ds_clear(&match);
+
+ ds_put_format(&match, "outport == %s", op->json_key);
+ if (lsp_is_enabled(op->nbsp)) {
+ build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs,
+ &match);
+
+ if (!strcmp(op->nbsp->type, "localnet")) {
+ const char *queue_id = smap_get(&op->sb->options,
+ "qdisc_queue_id");
+ if (queue_id) {
+ ds_put_format(&actions, "set_queue(%s); ", queue_id);
+ }
+ }
+ ds_put_cstr(&actions, "output;");
+ ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50,
+ ds_cstr(&match), ds_cstr(&actions));
+ } else {
+ ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150,
+ ds_cstr(&match), "drop;");
+ }
+
+ if (op->nbsp->n_port_security) {
+ build_port_security_ip(P_OUT, op, lflows);
+ }
+ }
+
+ /* Egress tables 8: Egress port security - IP (priority 0)
+ * Egress table 9: Egress port security L2 - multicast/broadcast
+ * (priority 100). */
+ struct ovn_datapath *od;
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ if (!od->nbs) {
+ continue;
+ }
+
+ ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
+ ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
+ "output;");
+ }
+
+ ds_destroy(&match);
+ ds_destroy(&actions);
+}
+
static void
build_pre_acls(struct ovn_datapath *od, struct hmap *lflows)
{
@@ -4974,61 +5108,12 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
* to the next table if packet source is acceptable. */
}
- /* Logical switch ingress table 0: Ingress port security - L2
- * (priority 50).
- * Ingress table 1: Ingress port security - IP (priority 90 and 80)
- * Ingress table 2: Ingress port security - ND (priority 90 and 80)
- */
- struct ovn_port *op;
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if (!lsp_is_enabled(op->nbsp)) {
- /* Drop packets from disabled logical ports (since logical flow
- * tables are default-drop). */
- continue;
- }
-
- if (lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_clear(&actions);
- ds_put_format(&match, "inport == %s", op->json_key);
- build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
- &match);
-
- const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id");
- if (queue_id) {
- ds_put_format(&actions, "set_queue(%s); ", queue_id);
- }
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_IN, op, lflows);
- build_port_security_nd(op, lflows);
- }
- }
-
- /* Ingress table 1 and 2: Port security - IP and ND, by default goto next.
- * (priority 0)*/
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
- }
+ build_lswitch_input_port_sec(ports, datapaths, lflows);
/* Ingress table 11: ARP/ND responder, skip requests coming from localnet
* and vtep ports. (priority 100); see ovn-northd.8.xml for the
* rationale. */
+ struct ovn_port *op;
HMAP_FOR_EACH (op, key_node, ports) {
if (!op->nbsp) {
continue;
@@ -5651,49 +5736,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
}
}
- /* Egress tables 8: Egress port security - IP (priority 0)
- * Egress table 9: Egress port security L2 - multicast/broadcast
- * (priority 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
- "output;");
- }
-
- /* Egress table 8: Egress port security - IP (priorities 90 and 80)
- * if port security enabled.
- *
- * Egress table 9: Egress port security - L2 (priorities 50 and 150).
- *
- * Priority 50 rules implement port security for enabled logical port.
- *
- * Priority 150 rules drop packets to disabled logical ports, so that they
- * don't even receive multicast or broadcast packets. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp || lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s", op->json_key);
- if (lsp_is_enabled(op->nbsp)) {
- build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs,
- &match);
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50,
- ds_cstr(&match), "output;");
- } else {
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150,
- ds_cstr(&match), "drop;");
- }
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_OUT, op, lflows);
- }
- }
+ build_lswitch_output_port_sec(ports, datapaths, lflows);
ds_destroy(&match);
ds_destroy(&actions);